Hacking & Security Posts - Page 1

As more vehicles include connected features such as high-tech infotainment systems, the problem won't just disappear anytime soon. In fact, this is something that we'll end up hearing more about in the future, as more problems are identified.

"This is the shot across the bow. Everybody's been saying 'cybersecurity,'" said Mark Rosekind, head of the National Transportation Safety Administration (NTSA), in a statement published by NBC News. "You've got to see the entire industry proactively dealing with these things."

News that hackers were able to hijack a Jeep vehicle was the most recent connected car security fear - and it's something that has the NTSA frightened. "The supplier didn't just supply radios to Chrysler but to a lot of other manufacturers - a lot of our work now is trying to find out how broad the vulnerability could be."

The Chinese government and suspected hacker groups with ties to Beijing are enjoying their attacks against the United States economy, according to a secret map compiled by the National Security Agency (NSA). Each red dot signifies a major corporate, private or government cyberattack victim from suspected Chinese sources:

When it comes to cybersecurity, the United States clearly hasn't taken the threat seriously enough, and it's glaringly obvious to organized hackers and foreign governments. Although the folks in Washington absolutely love to spy on others, they haven't done a very good job trying to prevent these attacks.

If the map is accurate, the NSA has a pretty good idea of which companies, government networks, and critical infrastructure the Chinese hackers are interested in compromising.

The United States spied on companies such as Mitsubishi and Matsui, Japanese government officials, ministries and senior advisers to Prime Minister Shinzo Abe's administration. Other targets included the Japanese Cabinet Office switchboard, Japanese Central Bank officials, governors, and other high-ranking officials.

"In these documents we see the Japanese government worrying in private about how much or how little to tell the United States, in order to prevent undermining of its climate change proposal or its diplomatic relationship," said Julian Assange, Editor-in-Chief of WikiLeaks. "And yet we now know that the United States heard everything and read everything, and was passing around the deliberations of Japanese leadership to Australia, Canada, New Zealand and the UK."

Cybercriminals known as "ratters," responsible for hijacking webcams and other electronic devices to spy on unsuspecting users, are finding new ways to launch attacks. Specifically, the groups use remote access tools (RATs) to steal images and photos from webcams, and have lately started charging others for this stolen data.

"Ratters are disturbingly comfortable with spreading misery and fear," said Adam Benson, deputy executive director for the Digital Citizens Alliance. "It's like a game for them. We saw them chat about it on Hack Forums and then share videos showing off how they scare young people, spy on people in private moments, and steal pictures from victims' accounts."

It's not uncommon to find RATs available for download on Internet forums and through file-sharing services. One such forum offered access to compromised devices for $1 for guys and $5 for women - showing there is a modest financial incentive.

White hat hacker Samy Kamkar recently posted a video discussing how he found a way to "locate, unlock and remote-start" General Motors vehicles by compromising the OnStar vehicle communications system.

The gadget, which cost around $100 to make, makes it possible to locate and unlock the vehicle and start the engine. Once the small wireless device had been placed near a GM car with OnStar, Kamkar was able to gain unauthorized access to the vehicle.

Dubbed the "OwnStar" system, Kamkar showed he was able to intercept communication from the OnStar service and OnStar RemoteLink mobile app. Technical details will be revealed during Def Con next week.

The FBI isn't finding it very easy to beef up its cybersecurity ranks, largely due to lower salaries, according to a report from the US Department of Justice.

In addition to higher salaries in the private sector, trying to get a government position related to cybersecurity involves multiple hoops that people won't have to jump through if they simply go to Silicon Valley. Applicants have to undergo extensive background checks, drug screenings, and other hurdles that private sector companies typically don't bother with.

Under the Justice Department's Next Generation Cyber Initiative, which went live in 2012, the FBI has successfully recruited just 52 of the 134 computer scientists it was granted permission to hire.

United Airlines, the world's second-largest airline company, was apparently attacked by Chinese hackers in May or June.

If true, it looks like hackers could have been able to collect movement data on millions of American travelers. Passengers, flight origins and destinations, and other data were likely taken by the hackers, according to unnamed officials speaking with Bloomberg.

"Speculation that China is responsible for the United Airlines breach is interesting but at this point, irrelevant," said Jason Polanich, founder and chief architect of SurfWatch Labs. "Too many companies have a false sense of security, thinking it won't happen to them. Pair that with the fact that hacking tools are available to virtually everyone today via illicit trade on the Dark Web and in other places and you've got a recipe for disaster."

The United States faces an overwhelming number of foreign-based cyberattacks, and there is no clear strategy on how to defend - and retaliate - against these attacks.

"We have known for a long time that there are significant vulnerabilities and that these vulnerabilities are gonna accelerate as time goes by, both in systems within government and within the private sector," Obama noted during an international summit last month.

Even though it's important to be able to conduct surveillance, the United States, which arguably has more to lose in the cybersecurity space than other nations, should have worked more diligently to improve its security infrastructure.

As part of its "Operation Anon Down," the Anonymous hacker collective promises to continue leaking documents from the Canadian Security Intelligence Service (CSIS). In its first data release, Anonymous shared a 2014 Treasury Board memo regarding funding of the Canadian spy agency's operational ability overseas.

During a protest of a dam project, the Royal Canadian Mounted Police (RCMP) shot and killed James McIntyre, a protester wearing a Guy Fawkes mask. The police said McIntyre ignored their commands while approaching in an "aggressive manner." Here is what the Independent Investigations Office said:

"According to the police, officers were responding to a report of a male causing a disturbance at a public information session. Upon arrival, police encountered a masked individual outside, believed to be connected to the complaint. A confrontation occurred and the male affected person was shot."

Edward Snowden doesn't have very many fans when it comes to people in the US government and the National Surveillance Agency (NSA).

"It is hard to quantify this harm, such as it is, but I think the inflammatory nature of the way the Snowden affair played out really set back our collective discussion on cybersecurity," said Rajesh De, former general counsel for the NSA, when asked about Snowden's data leaks during the Big Law Business Summit.

The White House recently responded to a petition that sought an official pardon for Snowden. Of course, that's not going to happen: